From 1e841b7e6d394bcc1f725b5a0af73d55841526d7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Oct 2021 05:18:03 -0700
Subject: [PATCH] Bump okhttp from 4.9.1 to 4.9.2 (#2937)

Summary:
Bumps [okhttp](https://github.com/square/okhttp) from 4.9.1 to 4.9.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/square/okhttp/blob/master/CHANGELOG.md">okhttp's changelog</a>.</em></p>
<blockquote>
<h2>Version 4.9.2</h2>
<p><em>2021-09-30</em></p>
<ul>
<li>Fix: Don't include potentially-sensitive header values in <code>Headers.toString()</code> or exceptions.
This applies to <code>Authorization</code>, <code>Cookie</code>, <code>Proxy-Authorization</code>, and <code>Set-Cookie</code> headers.</li>
<li>Fix: Don't crash with an <code>InaccessibleObjectException</code> when running on JDK17+ with strong
encapsulation enabled.</li>
<li>Fix: Strictly verify hostnames used with OkHttp's <code>HostnameVerifier</code>. Programs that make direct
manual calls to <code>HostnameVerifier</code> could be defeated if the hostnames they pass in are not
strictly ASCII. This issue is tracked as [CVE-2021-0341].</li>
</ul>
<h2>Version 5.0.0-alpha.2</h2>
<p><em>2021-01-30</em></p>
<p><strong>In this release MockWebServer has a new Maven coordinate and package name.</strong> A longstanding
problem with MockWebServer has been its API dependency on JUnit 4. We've reorganized things to
remove that dependency while preserving backwards compatibility.</p>
<table>
<thead>
<tr>
<th align="left">Maven Coordinate</th>
<th align="left">Package Name</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">com.squareup.okhttp3:mockwebserver3:5.0.0-alpha.2</td>
<td align="left">mockwebserver3</td>
<td align="left">Core module. No JUnit dependency!</td>
</tr>
<tr>
<td align="left">com.squareup.okhttp3:mockwebserver3-junit4:5.0.0-alpha.2</td>
<td align="left">mockwebserver3.junit4</td>
<td align="left">Optional JUnit 4 integration.</td>
</tr>
<tr>
<td align="left">com.squareup.okhttp3:mockwebserver3-junit5:5.0.0-alpha.2</td>
<td align="left">mockwebserver3.junit5</td>
<td align="left">Optional JUnit 5 integration.</td>
</tr>
<tr>
<td align="left">com.squareup.okhttp3:mockwebserver:5.0.0-alpha.2</td>
<td align="left">okhttp3.mockwebserver</td>
<td align="left">Obsolete. Depends on JUnit 4.</td>
</tr>
</tbody>
</table>
<p>The new APIs use <code>mockwebserver3</code> in both the Maven coordinate and package name. This new API is
<strong>not stable</strong> and will likely change before the final 5.0.0 release.</p>
<p>If you have code that subclasses <code>okhttp3.mockwebserver.QueueDispatcher</code>, this update is not source
or binary compatible. Migrating to the new <code>mockwebserver3</code> package will fix this problem.</p>
<ul>
<li>New: DNS over HTTPS is now a stable feature of OkHttp. We introduced this as an experimental
module in 2018. We are confident in its stable API and solid implementation.</li>
<li>Fix: Work around a crash in Android 10 and 11 that may be triggered when two threads
concurrently close an SSL socket. This would have appeared in crash logs as
<code>NullPointerException: bio == null</code>.</li>
<li>Fix: Use plus <code>+</code> instead of <code>%20</code> to encode space characters in <code>FormBody</code>. This was a
longstanding bug in OkHttp. The fix makes OkHttp consistent with major web browsers.</li>
<li>Fix: Don't crash if Conscrypt returns a null version.</li>
<li>Fix: Include the public suffix data as a resource in GraalVM native images.</li>
<li>Fix: Fail fast when the cache is corrupted.</li>
<li>Fix: Fail fast when a private key cannot be encoded.</li>
<li>Fix: Fail fast when attempting to verify a non-ASCII hostname.</li>
<li>Upgrade: [GraalVM 21][graalvm_21].</li>
<li>Upgrade: [Kotlin 1.4.20][kotlin_1_4_20].</li>
</ul>

</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/square/okhttp/commit/3edf17ca8a5048912d19e84d0fc2a7941a97c07d"><code>3edf17c</code></a> Prepare for release 4.9.2.</li>
<li><a href="https://github.com/square/okhttp/commit/262b3cde9f6354a31d4d4862bef5a81590687ad7"><code>262b3cd</code></a> Handle strict module handling on JDK17 (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6707">#6707</a>) (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6742">#6742</a>)</li>
<li><a href="https://github.com/square/okhttp/commit/f574ea2f5259d9040f264ddeb582fb1ce563f10c"><code>f574ea2</code></a> Cherry pick fix for CVE-2021-0341 onto 4.9.x (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6741">#6741</a>)</li>
<li><a href="https://github.com/square/okhttp/commit/1fd7c0afdc2cee9ba982b07d49662af7f60e1518"><code>1fd7c0a</code></a> Make it more difficult to accidentally log sensitive headers (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6551">#6551</a>) (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6740">#6740</a>)</li>
<li><a href="https://github.com/square/okhttp/commit/b0397cc7a9f755ef8ab1e00c8114531f802f35a6"><code>b0397cc</code></a> 4.9.x GitHub builds update (<a href="https://github-redirect.dependabot.com/square/okhttp/issues/6732">#6732</a>)</li>
<li><a href="https://github.com/square/okhttp/commit/eb5a8343eab9ba4ec933e8fb80d3f8a0e4eacbcd"><code>eb5a834</code></a> Prepare next development version.</li>
<li>See full diff in <a href="https://github.com/square/okhttp/compare/parent-4.9.1...parent-4.9.2">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.squareup.okhttp3:okhttp&package-manager=gradle&previous-version=4.9.1&new-version=4.9.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

 ---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Pull Request resolved: https://github.com/facebook/flipper/pull/2937

Reviewed By: muraziz

Differential Revision: D31502045

Pulled By: passy

fbshipit-source-id: 32af7cda9440b01eab1bca83dc694391d99bf7e6
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.gradle b/build.gradle
index d92634a27..b0636f421 100644
--- a/build.gradle
+++ b/build.gradle
@@ -94,7 +94,7 @@ ext.deps = [
         junit              : 'junit:junit:4.13.2',
         hamcrest           : 'org.hamcrest:hamcrest-library:2.2',
         mockito            : 'org.mockito:mockito-core:3.12.4',
-        okhttp3            : 'com.squareup.okhttp3:okhttp:4.9.1',
+        okhttp3            : 'com.squareup.okhttp3:okhttp:4.9.2',
         leakcanary         : 'com.squareup.leakcanary:leakcanary-android:1.6.3',
         leakcanary2        : 'com.squareup.leakcanary:leakcanary-android:2.6',
         protobuf           : 'com.google.protobuf:protobuf-java:3.18.0',

Maven Coordinate	Package Name	Description
com.squareup.okhttp3:mockwebserver3:5.0.0-alpha.2	mockwebserver3	Core module. No JUnit dependency!
com.squareup.okhttp3:mockwebserver3-junit4:5.0.0-alpha.2	mockwebserver3.junit4	Optional JUnit 4 integration.
com.squareup.okhttp3:mockwebserver3-junit5:5.0.0-alpha.2	mockwebserver3.junit5	Optional JUnit 5 integration.
com.squareup.okhttp3:mockwebserver:5.0.0-alpha.2	okhttp3.mockwebserver	Obsolete. Depends on JUnit 4.